CAM/CAFT Encryption

Document ID : KB000055162
Last Modified Date : 14/02/2018

Table of Contents

  1. Scope

  2. Overview

  3. Technical Statements

  4. Appendix

1. Scope

The purpose of this document is to provide technical information about CAM/CAFT Encryption in the context of the eTrust Admin product.

2. Overview

CAM/CAFT packages are delivered for Windows, OpenVMS and Unix platforms as the communication channel for several eTrust Admin options.

Optionally, Encryption can be activated to protect the data and commands carried by the CAFT "File Transfer/Remote command" service.

A list of Technical Statements about the CAFT Encryption can be found in the following chapter.

3. Technical Statements

  1. Versions:

    The version of CAM/CAFT packages delivered within the current eTrust Admin version 8.1 SP2 and the subsequent Cumulative Releases (CR #7 on 03/30/07) is:

    • 1.11 build #29_20.

    Previously delivered within eTrust Admin version 8.1 or via separate PTFs:

    • 1.07 build #230 for Windows, AIX, HP-UX & Solaris/Sparc.

    • 1.07 build #233 for Linux/x86.

    CAM/CAFT communications and Encryption are supported in a mixed v1.07 - v1.11 environment.

  2. Supported platforms:

    Only the following platforms can activate the CAFT Encryption:

    • Windows: 2000, 2003, XP, Vista.

    • Unix: AIX, HP-UX, Solaris/Sparc, Linux/x86.

  3. Encryption provider:

    The CAFT Encryption functions are provided by the CA eTrust PKI v2.0 library delivered within the CAM/CAFT packages:

    • Windows: %CAI_CAFT\bin\libetpki.dll

    • Unix: `cat /etc/catngcampath`/lib/libetpki.so

  4. Algorithm:

    The default and only available encryption algorithm is:

    • Triple-DES (168-bit key) in CBC mode.

  5. Installation:

    Steps to activate CAFT Encryption can be found in the eTrust Admin Unix Option guide, Chapter #2 "Installing and Configuring", "Install the CAM and CAFT Encryption Key" section.

    The Triple-DES 168-bit key created by "caftkey" is unique and must be installed on all the machines involved.
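
To make the 168-bit key of items 4 and 5 concrete, the following added example (not CA code and not part of the original document) checks that a 24-byte Triple-DES key really consists of three distinct DES keys. It assumes the raw key bytes are available as input; the key file format written by "caftkey" is not described here, and all function names and sample keys are constructed for illustration.

```python
"""Classify a Triple-DES key by keying option (added example, hypothetical names)."""


def strip_parity(des_key: bytes) -> bytes:
    """Clear the low (parity) bit of each byte, leaving the 56 effective key bits."""
    return bytes(b & 0xFE for b in des_key)


def has_odd_parity(key: bytes) -> bool:
    """True if every byte has an odd number of set bits (the DES parity convention)."""
    return all(bin(b).count("1") % 2 == 1 for b in key)


def classify_3des_key(key: bytes) -> dict:
    """Return the keying option and nominal key length of a 24-byte 3DES key."""
    if len(key) != 24:
        raise ValueError("expected 24 bytes (three 8-byte DES keys)")
    # Compare the sub-keys without parity bits: two sub-keys that differ only
    # in parity bits are the same DES key.
    k1, k2, k3 = (strip_parity(key[i:i + 8]) for i in (0, 8, 16))
    if k1 == k2 or k2 == k3:
        # Encrypt-decrypt-encrypt cancels out, leaving a single DES operation.
        option, bits = "degenerate (single DES)", 56
    elif k1 == k3:
        option, bits = "two-key 3DES", 112
    else:
        option, bits = "three-key 3DES", 168
    return {"option": option, "nominal_bits": bits,
            "odd_parity": has_odd_parity(key)}


# Constructed sample sub-keys (public test values, never use as real keys).
K1 = bytes.fromhex("0123456789abcdef")
K2 = bytes.fromhex("23456789abcdef01")
K3 = bytes.fromhex("456789abcdef0123")

if __name__ == "__main__":
    samples = {
        "three distinct sub-keys": K1 + K2 + K3,
        "K1 reused as K3": K1 + K2 + K1,
        "K2 is K1 with parity bits flipped": K1 + bytes(b ^ 1 for b in K1) + K3,
    }
    for label, key in samples.items():
        print(label, "->", classify_3des_key(key))
```

Only the first sample provides the full 168-bit key; the third looks like three different byte strings but collapses to single DES once parity bits are ignored.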

4. Appendix

  1. Definitions, Acronyms and Abbreviations

    • eTrust Admin: On-Demand Provisioning and Password Management product of the CA Identity and Access Management (IAM) solution.

    • CAM/CAFT: CA Message Queuing software (CAM/CAFT) is a lightweight Application-to-Application message queuing service used by several CA products: Unicenter TNG, AMO, SDO and eTrust Admin. CAM is the "Messaging" service while CAFT is the "File Transfer/Remote command" service.

    • Encryption: In cryptography, Encryption is the process of obscuring information to make it unreadable without special knowledge using dedicated Hardware or Software components.

    • PKI: Public Key Infrastructure.

    • Triple-DES: Triple Data Encryption Standard

    • CBC mode: Cipher-block chaining mode

  2. References